Critical RCE in NetScaler (Citrix) ADC and Gateway (CVE-2023-3519)
On July 18, Citrix published a security bulletin (CTX561482) and released patches to address three vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). One of the vulnerabilities (CVE-2023-3519) is rated as critical and exploits on unmitigated appliances have been observed by Citrix.
CVE-2023-3519 is a remote code execution vulnerability in multiple versions of both NetScaler ADC and NetScaler Gateway. The other two vulnerabilities addressed in the bulletin are CVE-2023-3466, a reflected cross-site scripting vulnerability, and CVE-2023-3467, a privilege escalation vulnerability. Although Citrix says they are aware that exploits for CVE-2023-3519 have been observed, there is currently no publicly available proof-of-concept code.
For more information about the vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.
2 Replies
When will the CVE be available on Tenable?
- Anonymous
Hi Rafael,
Coverage for CVE-2023-3519 has been released with the Plugin ID: 178442
If you cannot see plugin ID 178442 available when configuring your scan, you can manually update the plugin feed. Our help site at https://docs.tenable.com/ can provide information on updating the plugins feed.
In future, you can also utilize our Plugins Pipeline page to check for upcoming Tenable coverage.
Have a great day!
Ciarán Walsh